Cyber Startup Zafran Secures New Funding as AI-Driven Threats Escalate

Zafran Security has raised $60 million in a new funding round to support the expansion of its AI-based cybersecurity platform.

The company was founded in 2022 by Sanaz Yashar, who served in Israel’s Unit 8200 and later held senior roles at FireEye and Mandiant. The Series C round, which brings Zafran’s total funding to $130 million, was led by Menlo Ventures, with participation from Sequoia Capital, Cyberstarts, PSP Growth, Vintage Investment Partners, and Knollwood Investment.

Zafran builds tools that help organizations find and fix security threats shortly after they appear.

Its newest platform, Agentic Exposure Management, uses autonomous software agents to identify vulnerabilities and take mitigation steps. The company says the platform is meant to reduce reliance on manual processes, which often delay responses when time is limited.

The new funding will go toward product development, international expansion, and hiring.

Why It Matters: Security teams are dealing with more vulnerabilities, and many can be exploited within hours of becoming public. Existing tools weren’t built for this pace. Zafran focuses on automation to shorten the gap between disclosure and response, giving teams a way to act before attackers do.

• Series C Raises Zafran’s Total Funding to $130 Million: The latest round of investment follows a $70 million raise in September 2024. The company did not disclose its new valuation but stated that it has doubled since the previous round. The list of backers includes venture firms that have also supported companies like Wiz and CyberArk, both of which were acquired in large deals within the past two years.

• Agentic Exposure Management Aims to Streamline the Security Lifecycle: Zafran’s newest platform uses autonomous agents that handle the full cycle of threat exposure. They identify systems at risk, evaluate which vulnerabilities are most likely to be exploited, determine which patches are necessary, assess the impact of changes, and help coordinate fixes. The goal is to connect steps that are often handled separately, which can cause delays or missed warnings.

• Reported Revenue Growth and Enterprise Adoption: The company says it has more than tripled its annual recurring revenue since its last raise. Zafran’s clients span across industries, and the company reports that several are Fortune 500 firms. Many are using the platform to cut the time and effort spent sorting through vulnerability alerts and to focus on risks that are more likely to lead to incidents.

• Faster Exploitation Timelines Create Pressure to Respond: In the first quarter of 2025, 30% of vulnerabilities that were later exploited were targeted within one day of public disclosure. This short timeline presents a challenge for teams that still rely on manual patching cycles, which often take days or weeks. Zafran’s platform is meant to shorten that response window by automating analysis and coordinating fixes more quickly.

• Origin Story Tied to Hospital Ransomware Case: Zafran was created following an investigation into a ransomware attack on a hospital in Israel. According to the founders, the attack was caused by gaps between different security tools that failed to work together. That investigation helped shape the company’s focus on building a system that brings data, detection, and action into a shared framework.

Go Deeper -> Former cyber spy raises $60 million to fight AI threats – CNBC

Zafran Triples ARR in $60M Round to Reinvent Exposure Management with Agentic AI – Zafran